+372 618 8075
[email protected]
Client Portal
Vendor Portal
Get a Quote

Privacy Policy

Last Updated: June 14, 2025

Terratra OÜ and its affiliates (“Terratra”, “we”, “us”, or “Owner”) are committed to protecting your privacy while providing consulting and translation services. This Privacy Policy explains how we collect, use, store, and share your Personal Data when you interact with our websites, portals, apps (“Websites”), and services, including communications, translation processing, accounting, and collaboration facilitated through third-party providers. We comply with the General Data Protection Regulation (GDPR) in the European Union, the Swiss Federal Act on Data Protection (FADP) for Switzerland-based processors, the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act in the United States, and other applicable data protection laws.

This policy applies to all users, including clients, vendors, and visitors to our Websites (collectively, “you”). By using our Websites or services, you agree to the practices described in this Privacy Policy. If you do not agree, please refrain from using our Websites or services.

1. What is Personal Data?

Personal Data is any information that can identify an individual, either directly or indirectly, such as name, email address, phone number, IP address, billing details, or content in translation projects (“Personal Data”). This includes data provided by you or generated through your use of our Websites and services.

2. What Personal Data Do We Collect and Why?

We collect and process Personal Data to deliver consulting and translation services, communicate project updates, process account notifications, manage accounting, facilitate collaboration, and improve our offerings. Below is an overview of the data we collect, sources, and purposes:

Data We Collect

  • Provided by You: Name, company name, email address, phone number, billing information, translation project content, and data submitted via forms, comments, or communications.
  • Automatically Collected: IP address, browser type, device information, pages visited, time and duration of visits, and cookies (see Section 5).
  • Communication Data: Information related to SMS, phone calls, emails, or video conferences sent through third-party providers for project statuses, deadlines, account notifications, or service updates.
  • Accounting Data: Client or vendor names, billing addresses, or payment details processed for invoicing or financial transactions.
  • User-Generated Content: Comments, translation requests, or content submitted to public project boards or services.
  • Third-Party Data: Anonymized data from third-party services (e.g., a hash of your email address from Gravatar).

Sources

  • Direct interactions (e.g., forms, account registration, project submissions).
  • Automated technologies (e.g., cookies, server logs).
  • Third-party platforms for communications, notifications, translation processing, accounting, or collaboration.
  • Public project boards or user profiles for service matching.

Purposes and Lawful Basis

We process Personal Data for the following purposes, based on GDPR lawful bases (e.g., consent, contract necessity, legitimate interests, or legal obligations):

  • Service Delivery (Contract Necessity): To provide consulting and translation services, manage projects, process translations, facilitate collaboration, manage accounting, and communicate updates via SMS, calls, emails, or video conferences about project statuses, deadlines, or account notifications.
  • Website Functionality (Legitimate Interests): To ensure Websites work correctly, maintain user sessions, and enhance user experience.
  • Customer Support (Contract Necessity): To respond to inquiries, provide technical support, and maintain client accounts.
  • Analytics and Improvement (Legitimate Interests): To analyze Website performance, user behavior, and service effectiveness.
  • Marketing (Consent): To send newsletters, promotions, or event updates, where you have explicitly opted in.
  • Legal Compliance (Legal Obligation): To comply with applicable laws, such as court orders or regulatory requests.
  • Security (Legitimate Interests): To protect against fraud, unauthorized access, or illegal activities.

3. Communications via Third-Party Providers

We use third-party providers, such as Telnyx (United States), Mailgun (United States), Mercata Sagl (Switzerland), Google (United States), and Microsoft (United States), to facilitate business communications, including SMS, phone calls, email notifications, client emails, and video conferences, to keep clients and vendors informed about project statuses, deadlines, account updates, or service-related matters. These communications are strictly related to ongoing service provision and are not unsolicited marketing.

Key Points

  • Consent: We send SMS, calls, emails, or host video conferences only with your prior consent, obtained during onboarding, contract agreement, or opt-in mechanisms. You may withdraw consent at any time (see Section 8).
  • Purpose: Communications are limited to service-related updates, such as project milestones, scheduling, account confirmations, client correspondence, or collaboration meetings.
  • Compliance:
    • GDPR/FADP: We ensure a lawful basis (e.g., contract necessity or consent) for processing communication data.
    • TCPA (US): We obtain express written consent for automated calls or SMS, provide clear opt-out options, and honor opt-out requests immediately.
    • CAN-SPAM (US): Emails include a clear unsubscribe option, and we respect opt-out requests promptly.
  • Opt-Out: To stop receiving SMS or calls, reply “STOP” to any SMS, follow unsubscribe instructions in emails, or contact us at [email protected]. Opting out may limit your ability to receive critical service updates.

4. How We Share Your Data

We may share your Personal Data with trusted parties to deliver our services, comply with legal obligations, or protect our interests. We do not sell your data. Sharing occurs in the following cases:

  • Service Providers: We share data with third-party processors (e.g., communication, hosting, email, translation, accounting, or collaboration providers) bound by data protection agreements.
  • Public Project Boards: Information submitted to public project boards (e.g., translation requests) may be visible to other users to facilitate service matching. Exercise caution when sharing sensitive data.
  • Business Partners: Limited data (e.g., provider certificates) may be shared for bidding or tender processes, with your consent.
  • Legal Requirements: We may disclose data to comply with lawful requests, such as subpoenas, court orders, or to protect our rights, property, or safety.
  • Business Transfers: If Terratra’s ownership changes, your data may be transferred to the new owner, subject to equivalent privacy protections.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, secure our Websites, and analyze performance. Cookies are small text files stored on your device.

Types of Cookies

  • Essential: Necessary for Website functionality, such as maintaining user sessions or enabling secure logins. These do not collect personal data.
  • Functional: Store preferences, like language settings, for a personalized experience.
  • Analytics: Track Website usage (e.g., page visits, unique visitors) to improve performance.
  • Marketing: Deliver relevant ads or track ad campaign effectiveness, used only with your consent.

Cookie Management

Manage cookie preferences via the “Privacy & Cookie Policy” tab on our Website at www.terratra.com. Block or delete cookies through your browser settings. Visit www.allaboutcookies.org for guidance. Disabling essential cookies may affect Website functionality.

Third-Party Tracking

Embedded content (e.g., videos, social media widgets) may include third-party cookies or trackers, subject to their privacy policies. We use Gravatar for comment profile pictures, which may process an anonymized email hash (see https://automattic.com/privacy/).

6. How We Store and Secure Your Data

We prioritize the security of your Personal Data with industry-standard measures, including:

  • Encryption: Data is encrypted in transit (e.g., TLS) and at rest where feasible.
  • Access Controls: Only authorized personnel can access your data.
  • Firewalls: To protect against unauthorized access.
  • Regular Audits: To identify and address vulnerabilities.

No system is completely secure, and we cannot guarantee absolute protection against unlawful access. You are responsible for safeguarding sensitive information and maintaining a pseudonymous identity where possible.

Data Retention

  • Comments: Retained indefinitely for moderation and follow-up comments.
  • User Accounts: Personal Data in user profiles is stored until you request deletion or your account is terminated.
  • Service Communications: Communication data (e.g., SMS, email, video conference logs) is retained for the duration of the service contract and up to 6 years thereafter for legal or audit purposes, unless otherwise required by law.
  • Translation Data: Data processed for translations is retained for the project duration and up to 6 years for quality assurance or legal purposes, unless you request deletion.
  • Accounting Data: Billing or payment details are retained for up to 7 years to comply with tax and financial regulations, unless you request deletion where permissible.
  • Legal Obligations: Data required for compliance (e.g., tax records) is retained as mandated by applicable laws.

You may request deletion of your data, subject to legal retention obligations (see Section 8).

7. Third-Party Processors

We use third-party processors to support our services, all contractually obligated to protect your data and comply with applicable laws (GDPR, FADP, or equivalent). The following table details these processors:

Processor Country Purpose Privacy Policy
Telnyx United States SMS and voice communications https://telnyx.com/privacy-policy
Hostinger Lithuania Website hosting and data storage https://www.hostinger.com/privacy-policy
Mercata Sagl Switzerland Email processing (client communications), compliant with FADP https://www.gmailify.com/docs#t10-1
Mailgun United States Email notifications (e.g., account confirmations, password resets) https://www.mailgun.com/privacy-policy/
Adobe Services United States Document processing (e.g., Adobe Acrobat for managing project files) https://www.adobe.com/privacy/policy.html
memoQ United States Translation project processing https://www.memoq.com/en/legal/privacy-policy
memoQ European Union Translation project processing https://www.memoq.com/en/legal/privacy-policy
Phrase European Union Translation project processing https://phrase.com/privacy/
Trados European Union Translation project processing https://www.rws.com/privacy/
Google United States Email and document collaboration (Google Workspace), cloud storage (Google Cloud), website analytics (Google Analytics), video conferencing (Google Meet) https://policies.google.com/privacy
Microsoft United States Email and document collaboration (Microsoft 365) https://privacy.microsoft.com/en-us/privacystatement
QuickBooks United States Accounting and invoicing (e.g., client billing, vendor payments) https://www.intuit.com/privacy/

8. Your Data Protection Rights

Under GDPR, FADP, and other applicable laws, you have the following rights:

  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): Request deletion, unless retention is required for legal, administrative, or security purposes.
  • Restriction: Limit processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format or transfer it to another controller.
  • Object: Oppose processing based on legitimate interests, including marketing.
  • Withdraw Consent: Revoke consent (e.g., for marketing, SMS, emails, or video conferences) at any time.

Exercising Your Rights

Contact our Data Protection Officer at [email protected], including an identity document for verification. We will respond within 30 days, per GDPR/FADP.

Complaints

If dissatisfied, contact a supervisory authority (e.g., Estonian Data Protection Inspectorate for EU residents, Swiss Federal Data Protection and Information Commissioner for FADP issues) or our Data Protection Officer.

9. Are You Obligated to Provide Personal Data?

Providing Personal Data is voluntary, but certain data (e.g., contact details, billing information, project content) is necessary for services, communications, translations, accounting, or collaboration. Withdrawing consent may limit access to features or service updates.

10. Automated Decision-Making and Profiling

We do not use fully automated decision-making or profiling with legal or significant effects. If implemented, we will inform you and detail your rights, as required by law.

11. Where We Send Your Data

Data is primarily processed in the European Economic Area (EEA) or Switzerland, which has GDPR-equivalent protections under the FADP. For processors in the United States (Telnyx, Mailgun, Adobe, memoQ, Google, Microsoft, QuickBooks), data may be processed on servers in the United States, with safeguards like Standard Contractual Clauses to ensure GDPR compliance. Processors in the EEA (Hostinger in Lithuania, memoQ, Phrase, and Trados in the European Union) and Switzerland (Mercata Sagl) process data within GDPR/FADP-compliant regions. Comments may be screened by automated spam detection services, which may process data outside the EEA under equivalent protections.

12. Contact Us

For questions or to exercise your rights, contact our Data Protection Officer:

  • Email: [email protected]
  • Address: Terratra OÜ, Orumetsa tn 5/1-15, Harju maakond, 74111, Maardu linn, Estonia

13. Changes to This Privacy Policy

We may update this policy to reflect changes in practices or legal requirements. Significant changes will be communicated via our Website or email. Review periodically.

This Privacy Policy was last updated on June 14, 2025.

*Terratra OÜ is fully compliant with GDPR, FADP, TCPA, CAN-SPAM, and other applicable regulations to protect your privacy.*